DnsMasq heap buffer overflow vulnerability

[RobReapz]

Whilst running an antivirus program on my PC it detected a network threat.

Type=DNS 

Port=53

vulnerability ID=CVE-2017-14491

[Netduma Fraser]

Thanks for bringing it to our attention, I'll let the devs know

[RobReapz]

Just to add that this is a problem for DumaOS and for original firmware 1.03.6j.

[RobReapz]

Any news on this topic?

[Netduma Admin]

Hi Rob - no, we won't be able to look at this for a while unfortunately. Which program were you using? Would help us to reproduce.

[RobReapz]

49 minutes ago, Netduma Admin said:

Hi Rob - no, we won't be able to look at this for a while unfortunately. Which program were you using? Would help us to reproduce.

Surely a potential security threat should be treated as high priority and at the top of the agenda?

[Netduma Admin]

19 minutes ago, RobReapz said:

Surely a potential security threat should be treated as high priority and at the top of the agenda?

I will share it with the devs so they can investigate.

[Netduma Admin]

Hi @RobReapz - just to update you on this. The devs are looking into it and if a fix is required, we will push this in milestone 1.4.

[RobReapz]

Any news on this topic? its been nearly half a year. Would be nice to get my netduma back on my network as i have taken it off.

[Netduma Admin]

13 hours ago, RobReapz said:

Any news on this topic? its been nearly half a year. Would be nice to get my netduma back on my network as i have taken it off.

Hi - we are working through DumaOS Milestone 1.4 still. I can update after that once Devs have completed the development of the Milestone.

[RobReapz]

Has this issue been resolved in 1.4? Still waiting to get my netduma back on my network, it has been nearly a year now. I thought with DumaOS updates were going to be "quick and easy to roll out" 

[Netduma Fraser]

We haven't completed development of the milestone so can't give any information yet. I am certain the devs will have this resolved though.